Defeating Modern Day Anti-Viruses for Defense Evaluation

Abstract

A system without an antivirus is just like a house with an open door. The majority of the attacks aim to compromise the endpoint. Anti-virus (AV) is used at the endpoint in conjunction with the firewall. With the increase in sophisticated attacks, many advancements have been done in AV. Now we see modern AV in the form of Endpoint Detection & Response (EDR). However, threat actors are still successful in evading EDR. Past research focuses on preventive measures in security rather than investigating how attack surface is increasing and AV won't help in defending our system. In this paper, we will present some techniques that can be used to evade modern-day next-generation AV. This research aims to help penetration testers and security researchers, to see how an advanced AV can be bypassed.